Information recording medium, information recording device, information reproduction device, information delivery device, their methods, their programs, and recording medium recording programs thereon

ABSTRACT

Contents encrypted by content encryption keys AE_(R1), AE_(R34) and content decryption keys AD_(R1), AD_(R34) encrypted by encryption keys BE₄, BE₆, BE₇ are recorded on recording media 301, 302. The encryption keys BE₄, BE₆, BE₇ differ among playback regions 1 to 4 preset to control the permission and inhibition of content playback. Content playback regions can be limited by using only the encryption keys of regions where playback is permitted. Even if a key is leaked out, the other playback regions are not affected because the encryption keys differ among playback regions and therefore the copyright protection function is increased.

TECHNICAL FIELD

The present invention relates to an information recording medium, an information recording device, an information playback device, an information delivery device, their methods, their programs and a recording medium recording the programs thereon.

BACKGROUND ART

As a recording medium (information recording medium) for recording contents (information, data) of multimedia data and the like such as music and images, there is used optical disk of DVD (Digital Versatile Disc) and the like. In such optical disk, in order to protect the copyright of contents, a method, in which flags unique to regions called as region code (regional code) are used to limit regions permitted to play the recording medium, is employed.

That is to say, region codes are provided to both of optical disk and playback device (playback equipment and playback software), which plays information recorded in the optical disk. When playing the optical disk, the playback device reads a region code included in the optical disk, and only when the region code agrees with the region code of its own, the playback is permitted; thereby playback regions are limited.

Since the contents recorded on such optical disk are digital data, even when the data are copied, the data does not deteriorate. Accordingly, once the contents have been copied from the optical disk in an unauthorized manner, considerable disadvantage will be caused to the copyright holder. Therefore, in addition to the above-described region code for limiting the playback regions, recently the following technique has been employed to protect the copyright; that is, the contents themselves recorded on optical disk are encrypted so that, even when the contents are copied in an unauthorized manner, the data are prevented from being viewed.

Specifically, it is arranged so that contents recorded on optical disk are previously encrypted using a predetermined encryption key, and the encrypted contents are decrypted using a decryption key, which is owned by playback device, and played thereby.

In order to ensure the effectiveness of copyright protection, it is necessary to allow the medium side to manage the permission and inhibition of playback of the contents by a particular playback device such as a playback device of which decryption key is leaked out, or the like. Therefore, it is arranged so that different decryption keys are provided to each of the playback devices, and, in order to make playback of the contents inhibited (i.e., to make the particular playback device revoked), what needs to be done is to encrypt the content using an encryption key which can not be decrypted by the decryption key owned by the particular playback device, and record it on the optical disk.

Here, such method in which an encryption key has a one-to-one correspondence to the contents is available. However, from the needs of security to revoke a particular playback device, or the like, in the case where it is necessary to use plural encryption keys, every contents, each encrypted with respective encryption key, have to be recorded on the recording medium. Therefore, there is a problem in the point of recording capacity.

Therefore, the following method has been employed; that is, a decryption key for decrypting the contents is encrypted with another encryption key, and a decryption key for decrypting the encryption key is previously incorporated in each of the playback devices.

However, in the case that each of the playback devices is recorded with only one decryption key, content decryption keys, each encrypted with an encryption key matching one of the decryption keys owned by the playback devices, have to be recorded in the optical disk so that all the decryption keys are matched. Even if the size of each of the encrypted content decryption keys is small, when the number of the playback devices becomes large, the data volume also becomes larger. Therefore, it is hardly put to practical use.

Therefore, in order to reduce the number of the encrypted content decryption keys to be recorded in optical disk, plural decryption keys, which are managed in a hierarchical architecture using a tree structure or the like, are prepared beforehand; and each of the playback devices is recorded with plural decryption keys so that the combination of the decryption keys is different from each other among the playback devices.

By employing the arrangement as described above, the following advantage can be obtained. That is, even in the case where a decryption key used in a particular playback device is leaked out, when a new optical disk recorded with the contents is manufactured, by using an encryption key matching with a decryption key which is not provided to the particular playback device, it is possible to prevent playback of the contents by the particular playback device. Thus, the disadvantage at the leakage of the key can be minimized.

In the system as described above, it is possible to reduce the number of the decryption keys for encrypted contents to be recorded in optical disk. On the other hand, compared to the case where only one decryption key is recorded in each of the playback devices, it is necessary to manage a large number of keys. That is, the optical disk has to be recorded with decryption keys for contents encrypted by encryption keys corresponding to each of the decryption keys. The playback device side also has to be recorded with many decryption keys.

As a method for effectively managing the plural keys as described above, the following documents 1 and 2 describe a key management system having a tree structure.

Document 1: D. Naor, M. Naor, and J. Lotspiech, “Revocation and Tracing Scheme for Stateless Receivers,” Proceedings of CRYPTO 2001, Lecture Notes in Computer Science, Vol. 2139, pp. 41-62, 2001.

Document 2: Nakano Toshihisa, Omori Motoshi, Matsuzaki Natsume, Tatebayashi Makoto, “Key Management System for Digital Content Protection—Tree Pattern Division Method—” Proceedings of the 2002 Symposium on Cryptography and Information Security, pp. 715-720.

Document 1 describes a complete sub-tree method, which is a key management system using the tree structure. In this method, as shown in FIG. 1, each playback device is allotted to respective leaf position (a node positioned at the lowermost layer in the tree structure). Also, each node including a root (a node positioned at the uppermost layer in the tree structure) and leaves are allotted respectively with one encryption key BE_(i) and one decryption key BD_(i) corresponding thereto. The encryption key BE_(i) and the decryption key BD_(i) have such relationship that a cipher encrypted using the encryption key BE_(i) can be decrypted by a playback device having a decryption key BD_(i), which has the same suffix “_(i)”; and mate with each other on the one-to-one basis. In FIG. 1, only the decryption key BD_(i) is indicated as the representative but the corresponding encryption key BE_(i) is omitted.

On the other hand, each of the playback devices is previously provided with decryption keys BD_(i), which are included in a path from the node, to which the playback device itself is allotted, to the root.

In the example shown in FIG. 1, there are 16 playback devices, and each of the playback devices 1-16 has 5 decryption keys BD_(i). For example, a playback device 4 is provided with 5 decryption keys BD₁, BD₂, BD₄, BD₉, and BD₁₉, which are marked with a circle in FIG. 1. Generally, the number of the decryption keys BD_(i) owned by a playback device is log₂N+1, assuming that the total number of the playback devices is N.

In the case where playback permission is given to all playback devices 1-16, the medium 401 is recorded with Encryption (content decryption key AD, encryption key BE₁) and Encryption (contents, content encryption key AE). Here, the Encryption ( ) represents an encryption algorithm; and the Encryption (argument 1, argument 2) represents a cipher-text, in which the argument 1 is encrypted by using the argument 2 as the encryption key.

Accordingly, the medium 401 is recorded with contents encrypted by the content encryption key AE and a content decryption key AD encrypted by the encryption key BE₁. Every playback device 1-16 owns the decryption key BD₁ corresponding to the encryption key BE₁. Accordingly, when playing the medium 401, each of the playback devices 1-16 decrypts the content decryption key AD using the decryption key BD₁ of its own, and then, decrypts the contents using the content decryption key AD to play the contents.

On the other hand, when revoking particular (one or plural) playback device(s), (namely, to set up the medium so that the contents can not be played by the playback device(s)), a new content encryption key AE₂ for encrypting the contents and a content decryption key AD₂ corresponding thereto are prepared first, and the contents are encrypted by using the new content encryption key AE₂.

Then, the following sub-trees are created, the sub-trees including the minimum number of the playback devices in the sub-trees covering every playback device excluding the playback device to be revoked. And the content decryption key AD₂ is encrypted by the encryption keys BE_(i) allotted to the root of the sub-trees.

For example, as shown in FIG. 2, when revoking the playback device 4, the content decryption key AD₂ is encrypted by using decryption keys BD₃, BD₅, BD₈ and BD₁₈ so that the decryption key owned by the playback device 4 is not included.

And, the encrypted contents (encrypted contents=Encryption (contents, content encryption key AE₂)) and the encrypted content decryption key AD₂ (AD₂=Encryption (content decryption key AD₂, encryption key BE₃)|Encryption (content decryption key AD₂, encryption key BE₅)|Encryption (content decryption key AD₂, encryption key BE₈)|Encryption (content decryption key AD₂, encryption key BE₁₈)) are recorded in the new medium 402. The symbol “|” means that two pieces of the data are combined with each other.

Owing to the above arrangement, the new medium 402 can not be played by the playback device 4 but can be played by other playback devices.

In this case, compared to the case of the medium 401, the number of the encrypted content decryption keys AD₂ to be recorded in the medium 402 is larger, and the upper limit of the number is expressed as r log₂(N/r), assuming that the number of the playback devices to be revoked is “r”; and the total number of playback devices is “N”. However, since the data volume of the content decryption key is much smaller than that of the contents, it will not be a considerable problem in the point of the storage capacity even if the number thereof increases to a certain extent.
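The complete sub-tree bookkeeping described above, as an added example (not code from the patent or from Document 1). It assumes the nodes of FIG. 1 are numbered like a binary heap (root 1, children 2i and 2i+1), which matches the keys BD₁, BD₂, BD₄, BD₉, BD₁₉ listed for playback device 4, and that N is a power of two; the function names are hypothetical.

```python
import math


def device_keys(device: int, n: int) -> list[int]:
    """Indices i of the keys BD_i held by playback device 1..n (root-to-leaf path)."""
    node = n - 1 + device            # assumed numbering: leaves are nodes n .. 2n-1
    path = []
    while node >= 1:
        path.append(node)
        node //= 2
    return path[::-1]


def cover(revoked: set[int], n: int) -> list[int]:
    """Indices i of the keys BE_i under which the content decryption key is encrypted.

    Every node on a path from a revoked leaf to the root is "tainted"; the
    cover is the set of untainted children of tainted nodes, i.e. the roots
    of the largest sub-trees that contain no revoked device.
    """
    if not revoked:
        return [1]                   # nobody revoked: the root key BE_1 suffices
    tainted = set()
    for device in revoked:
        tainted.update(device_keys(device, n))
    roots = []
    for node in tainted:
        if node < n:                 # internal node, so it has two children
            roots.extend(c for c in (2 * node, 2 * node + 1) if c not in tainted)
    return sorted(roots)


def usable_keys(device: int, cover_nodes: list[int], n: int) -> list[int]:
    """Keys of this device that match an entry recorded on the medium."""
    return [i for i in device_keys(device, n) if i in cover_nodes]


def cover_is_sound(revoked: set[int], n: int) -> bool:
    """Revoked devices match no entry; every other device matches exactly one."""
    nodes = cover(revoked, n)
    for device in range(1, n + 1):
        hits = len(usable_keys(device, nodes, n))
        if hits != (0 if device in revoked else 1):
            return False
    return True


def upper_bound(n: int, r: int) -> float:
    """The page's bound r*log2(N/r) on the number of recorded key entries."""
    return r * math.log2(n / r)


if __name__ == "__main__":
    print("device 4 holds BD_i for i =", device_keys(4, 16))
    print("revoking device 4 uses BE_i for i =", cover({4}, 16))
    print("revoking devices 4 and 13 uses BE_i for i =", cover({4, 13}, 16))
```
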

The method disclosed in the document 2 is a method called as tree pattern division method. In plural nodes in each layer of a tree structure, the node which includes a playback device to be revoked in the sub-node thereof is represented by “1”; and the node without the same is represented by “0”. These values are combined with each other from the left end of the tree structure in order to create a node revocation pattern. And these node revocation patterns are allotted with encryption keys (decryption keys) different from each other. Thereby, the number of the decryption keys owned by the playback devices is prevented from increasing as well as the size of the key information to be recorded in a recording medium is made smaller.

These techniques set forth in the documents 1 and 2 are used for revocation of decryption key in specific playback devices without having any connection with the playback control in the limited region based on the region code.

In the case of the prior art which uses the above-described region code, the region code recorded in the recording medium such as optical disk and the region code of the playback device are simply compared to each other to determine whether or not the both agree with each other. Accordingly, for example, there resides the following problem. That is, if the region code of the medium side or the playback device side is rewritten in an unauthorized manner, or a region code comparator in the playback device side is removed therefrom, a medium or a playback device capable of playback in any region can be obtained relatively easily.

Also, in the case of the technique which revokes specific playback device using a tree structured key management system as set forth in the above documents 1 and 2, the playback function based on the limited region like region code is not provided. Accordingly, when limiting the regions where playback is permitted, the region code has to be used together. Accordingly, for example, a problem accompanying the case where the region code is used also arises.

Further, when the encryption key or the decryption key is broken through, in every recording medium, the content decryption key and the content encryption key have to be changed. Accordingly, for example, there resides such a problem that a countermeasure against the above is hard to take.

DISCLOSURE OF THE INVENTION

In view of above-described problems, it is therefore an object of the present invention to provide an information recording medium capable of limiting playback regions to enhance the copyright protection function, an information recording device, an information playback device, an information delivery device, their methods, their programs and a recording medium recording the program thereon.

An aspect of the present invention is to provide an information recording medium recording contents encrypted using a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key, wherein the encryption key for decryption key is different for each of the regions preset for at least controlling the permission and inhibition of playback of the contents, the content encryption key and the content decryption key are established corresponding to each of the regions where the content playback is permitted, or corresponding to the combination of the regions where content playback is permitted.

Another aspect of the present invention is to provide an information recording device which comprises: a content encryption key inputting section for establishing and inputting a content encryption key corresponding to each of the regions where playback of the contents is permitted, or corresponding to combination of the regions where content playback is permitted, a content decryption key inputting section for establishing and inputting a content decryption key utilized for decrypting the contents encrypted by the content encryption key, an encryption key for decryption key selecting section for selecting an encryption key for decryption key corresponding to the region where playback of the contents is permitted, a content encryption section for encrypting the contents utilizing the content encryption key, a content decryption key encrypting section for encrypting the content decryption key using the encryption key for decryption key, and a recording section for recording at least the encrypted contents and the encrypted content decryption key to an information recording medium.

A further aspect of the present invention is to provide an information playback device for playing information including contents encrypted utilizing a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key, the device comprising: a decryption key storing section storing a decryption key for decryption key for decrypting the content decryption key encrypted by the encryption key for decryption key, a content decryption key decrypting section for decrypting the content decryption key by using the decryption key for decryption key, a content decrypting section for decrypting the contents by utilizing the content decryption key, and a playback section for playing the decrypted contents; wherein the decryption key for decryption key is different for each of the regions preset for at least controlling the permission and inhibition of the content playback, the content encryption key and the content decryption key are established corresponding to each of the regions where content playback is permitted, or corresponding to the combination of the regions where content playback is permitted.

Still another aspect of the present invention is to provide an information delivery device which comprises: a delivery section for delivering contents encrypted utilizing a content encryption key, and content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key.

Still another aspect of the present invention is to provide an information recording method which comprises the steps of: obtaining selection information of the regions where playback of the contents is permitted, establishing a content encryption key and a content decryption key corresponding to the selected regions or the combination thereof, obtaining an encryption key for decryption key preset in accordance with the selected region, encrypting the contents utilizing the content encryption key, encrypting the content decryption key using the encryption key for decryption key, and recording the encrypted contents and the encrypted content decryption key to an information recording medium.

Still another aspect of the present invention is to provide an information playback method for playing information including contents encrypted utilizing a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption, wherein the decryption key for decryption key is different for each of the regions preset at least for controlling the permission and inhibition of the content playback, the content encryption key and the content decryption key are established corresponding to each of the regions where content playback is permitted or, in accordance with the combination of regions where content playback is permitted, the method comprising the steps of: checking whether or not an information playback device has a decryption key for decryption key corresponding to the encryption key for decryption key encrypting the content decryption key, decrypting the content decryption key using the decryption key for decryption key when the information playback device has the corresponding decryption key for decryption key, decrypting the contents utilizing the decrypted content decryption key, and playing the decrypted contents.

Still another aspect of the present invention is to provide an information recording program, wherein the program causes a computer to execute any of the aforesaid information recording methods.

Still another aspect of the present invention is to provide a recording medium recording an information recording program, wherein the aforesaid information recording program is recorded so as to be read out by a computer.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic diagram showing a key management system in a prior art of the present invention,

FIG. 2 is a schematic diagram showing a key management system in a prior art of the present invention,

FIG. 3 is a block diagram showing the configuration of a recording device in a first embodiment of the present invention,

FIG. 4 is a diagram showing a data format of a signal S1 in FIG. 3,

FIG. 5 is a diagram showing a data format of the signal S2 in FIG. 3,

FIG. 6 is a diagram showing a data format of the signal S3 in FIG. 3,

FIG. 7 is a diagram showing a data format of the signal S4 in FIG. 3,

FIG. 8 is a diagram showing a data format of the signal S5 in FIG. 3,

FIG. 9 is a diagram showing a data format of the signal S6 in FIG. 3,

FIG. 10 is a diagram showing a data format of the signal S7 in FIG. 3,

FIG. 11 is a block diagram showing the configuration of a playback device in the first embodiment,

FIG. 12 is a diagram showing a data format of a signal S11 in FIG. 11,

FIG. 13 is a diagram showing a data format of the signal S12 in FIG. 11,

FIG. 14 is a diagram showing a data format of the signal S13 in FIG. 11,

FIG. 15 is a diagram showing a data format of the signal S14 in FIG. 11,

FIG. 16 is a diagram showing a data format of the signal S15 in FIG. 11,

FIG. 17 is a diagram showing a data format of the signal S16 in FIG. 11,

FIG. 18 is a schematic diagram showing a key management system in the first embodiment,

FIG. 19 is a schematic diagram showing a key management system in the first embodiment,

FIG. 20 is a flowchart showing a processing step in the recording device of the first embodiment,

FIG. 21 is a flowchart showing a processing step in the playback device of the first embodiment,

FIG. 22 is a schematic diagram showing a key management system in a second embodiment of the present invention,

FIG. 23 is a schematic diagram showing a key management system in a third embodiment of the present invention,

FIG. 24 is a schematic diagram showing the key management system in the third embodiment,

FIG. 25 is a schematic diagram showing the key management system in the third embodiment, and

FIG. 26 is a block diagram showing the configuration of a record playback system in a fourth embodiment of the present invention.

BEST MODES FOR CARRYING OUT THE INVENTION

Now, embodiments of the present invention will be described by referring to the accompanying drawings.

First Embodiment

First, a first embodiment of the present invention will be described by referring to FIG. 3 to FIG. 21.

The present embodiment is a record and playback system including a recording device 100 as an information recording device for recording information (contents) on a recording medium as an information recording medium and a playback device 200 as an information playback device for playing the information on the recording medium.

Configuration of the Recording Device

The configuration of the recording device 100 according to the embodiment will be described by referring to the block diagram of FIG. 3. The recording device 100 writes contents on a master disk 101 for optical disk as a recording medium.

In the recording device 100 shown in FIG. 3, the detail of the cutting method (master disk manufacturing method) of the master disk 101 and manufacturing method of optical disks and the like for playback only of DVD-ROM (Digital Versatile Disc—Read Only Memory) on which information is previously recorded using the manufactured master disk 101 are well known. Therefore, illustrations and detailed descriptions thereof will be omitted here.

As shown in FIG. 3, the recording device 100 is provided with a data inputting circuit 110, a content decryption key inputting circuit 120 as a content decryption key inputting section, a content encryption key inputting circuit 130 as a content encryption key inputting section, a data encryption circuit 140 as a content encryption section, a key encryption key inputting circuit 150 as a decryption-key encryption key selecting section, a content decryption key encryption circuit 160 as a content decryption key encryption section, an error correction circuit 170, and a media recording section 180 as a recording section.

Each of the circuits 110, 120, 130, 140, 150, 160 and 170 may be comprised of an exclusive hardware respectively. Or the recording device 100 may be provided with hardware resources such as a central processing unit (CPU) and a main memory, and the function of each circuit may be achieved as collaboration between the hardware resources and a program, which is installed into the CPU to be executed.

The data inputting circuit 110 is a circuit for inputting contents, which is to be recorded on optical disk as a recording medium, to the recording device 100. Ordinarily, the contents are various kinds of multimedia data such as music and images. However, the contents are not limited to the above, but can be ordinary document data or the like. The data inputting circuit 110 outputs a signal S1, which is the input contents, to the data encryption circuit 140.

As for the data inputting circuit 110, for example, a circuit which reads a recording medium such as magnetic tape or DVD-RW recorded with master data of contents and outputs the signal S1; a circuit which accesses a computer recorded with master data of contents via a communication line such as a LAN and the Internet, and downloads the data to read and output the signal S1, and the like are available.

An example of data format of the signal S1 is shown in FIG. 4. The signal S1 comprises contents (data) only.

The content decryption key inputting circuit 120 is a circuit which inputs a content decryption key AD_(R) for decrypting the contents. The content decryption key inputting circuit 120 outputs the input content decryption key AD_(R) as a signal S2 to the content decryption key encryption circuit 160. Here, as the content decryption key AD_(R), values different from each other among the regions where playback of the contents is permitted, or among the combinations of the regions, are input. Specifically, when one or more regions, where playback of the contents is permitted, are selected from preset playback permitted regions by a content owner, the content decryption key inputting circuit 120 sets up the content decryption key AD_(R) in accordance with the combination of the selected regions (including the case where there is only a single region), and outputs the key as a signal S2.

An example of data format of the signal S2 is shown in FIG. 5. The signal S2 is constituted by the content decryption key AD_(R) only.

The playback permitted regions are, like conventional region code, preset to set up the permission and inhibition of content playback. Specifically, in accordance with the region code, the global regions may be set up as “North America, Japan, Europe, Arab, Southeast Asia, South America, Australia, Africa, Russia, South Asia and China.” Further, in a more detailed manner, the regions may be set up based on country or district of country.

The content encryption key inputting circuit 130 is a circuit for inputting a content encryption key AE_(R). The content encryption key inputting circuit 130 outputs the input content encryption key AE_(R) as a signal S3 to the data encryption circuit 140. Here, the content encryption key AE_(R) and the content decryption key AD_(R) are set up so that the following relationship is established; i.e., P=Decryption (Encryption (arbitrary data P, content encryption key AE_(R)), content decryption key AD_(R)). Accordingly, like the content decryption key AD_(R), the content encryption key AE_(R) is also set up based on regions, where playback of the contents is permitted, or combination thereof.

An example of data format of the signal S3 is shown in FIG. 6. The signal S3 is comprised of the content encryption key AE_(R) only.

Here, the Decryption ( ) represents a decryption algorithm. The Decryption (argument 1, argument 2) represents the data in which the argument 1 is decrypted by the argument 2 as the decryption key. Accordingly, the above P represents the data in which a cipher-text of arbitrary data P encrypted using the content encryption key AE_(R) is decrypted using the content decryption key AD_(R).

The data encryption circuit 140 is a circuit, which encrypts the signal S1 (S1=contents) using the signal S3 (S3=content encryption key AE_(R)), and outputs a signal S4 (S4=Encryption (contents, content encryption key AE_(R))). Accordingly, the signal S4 is contents encrypted using the content encryption key AE_(R). An example of data format of the signal S4 is shown in FIG. 7.

The key encryption key inputting circuit 150 is a circuit which inputs encryption key (encryption key for decryption-key) BE_(i) for encrypting the content decryption key AD_(R). Here, the encryption keys BE_(i) are different for each of the regions, which are preset to at least manage the permission and inhibition of content playback. An encryption key BE_(i) is selected and input in accordance with the regions where playback of the contents is permitted.

Therefore, in the case where playback is permitted in plural regions, for example, plural encryption keys BE_(i) are occasionally input. For example, when N encryption keys of BE₁, BE₂, . . . , BE_(i), . . . , BE_(N−1), and BE_(N) are input, the key encryption key inputting circuit 150 outputs a signal S5 (S5=encryption key BE₁|encryption key BE₂|. . . |encryption key BE_(i)|. . . |encryption key BE_(N−1)|encryption key BE_(N)). Accordingly, the signal S5 is a piece of data, in which plural encryption keys BE_(i) input by the key encryption key inputting circuit 150 are combined with each other. An example of data format of the signal S5 is shown in FIG. 8.

The content decryption key encryption circuit 160 is a circuit, which encrypts the signal S2 (S2=content decryption key AD_(R)) using each of the encryption keys BE_(i) included in the signal S5 and adds header information of Header (encryption key BE_(i)) thereto and outputs a signal S6.

Here, the signal S6=Header (encryption key BE₁)|Encryption (content decryption key AD_(R), encryption key BE₁)|Header (encryption key BE₂)|Encryption (content decryption key AD_(R), encryption key BE₂)|. . . |Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))|. . . |Header (encryption key BE_(N−1))|Encryption (content decryption key AD_(R), encryption key BE_(N−1))|Header (encryption key BE_(N))|Encryption (content decryption key AD_(R), encryption key BE_(N)).

Hereinafter, in order to simplify the expression, the signal S6 is expressed as: signal S6=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i)). That is, as shown in FIG. 9, the signal S6 is constituted by the content decryption key AD_(R) encrypted using the plural encryption keys BE_(i) and the header information Header (encryption key BE_(i)).

The header information Header (encryption key BE_(i)) is the information used for identifying the encryption key BE_(i) used.

The error correction circuit 170 is a device, which inputs the signal S4 (S4=Encryption (contents, content encryption key AE_(R))) and the signal S6 (S6=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))), combines them with each other and adds an error correction code thereto, and outputs them as signal S7.

As shown in FIG. 10, the signal S7 is a signal comprised of contents encrypted by the content encryption key AE_(R), N content decryption keys AD_(R) encrypted by N encryption keys BE_(i), header information of each of the encryption keys BE_(i) and an error correction code. That is, S7=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))|Encryption (contents, content encryption key AE_(R))|ECC.

Here, ECC stands for an error correction code. Incidentally, the detail of the method for error correction using the ECC is a well-known technique; so, the description thereof will be omitted.
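One way the signal S6 key block could be laid out and consumed by a playback device, as an added example (not code from the patent). The 4-byte header carrying the key index i and the ciphertext length, the HMAC-SHA-256 keystream standing in for Encryption ( ) and Decryption ( ), the symmetric choice AE_(R)=AD_(R) and BE_(i)=BD_(i), and the sample keys are all assumptions; the ECC is left out.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 12
HEADER = struct.Struct(">HH")   # assumed Header(BE_i): key index i, ciphertext length


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher for the example only (unauthenticated keystream).
    blocks = [hmac.new(key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encryption(data: bytes, key: bytes) -> bytes:
    """Encryption(argument 1, argument 2) of the page, with a random nonce prepended."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decryption(blob: bytes, key: bytes) -> bytes:
    """Decryption(argument 1, argument 2) of the page."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_s6(ad_r: bytes, be_keys: dict[int, bytes]) -> bytes:
    """S6 = Header(BE_i) | Encryption(AD_R, BE_i), repeated for every selected BE_i."""
    out = bytearray()
    for index in sorted(be_keys):
        wrapped = encryption(ad_r, be_keys[index])
        out += HEADER.pack(index, len(wrapped)) + wrapped
    return bytes(out)


def parse_s6(s6: bytes) -> dict[int, bytes]:
    """Split S6 into {key index i: encrypted AD_R}, rejecting truncated entries."""
    entries, offset = {}, 0
    while offset < len(s6):
        if offset + HEADER.size > len(s6):
            raise ValueError("truncated header")
        index, length = HEADER.unpack_from(s6, offset)
        offset += HEADER.size
        if length < NONCE_LEN or offset + length > len(s6):
            raise ValueError("bad entry length")
        entries[index] = s6[offset:offset + length]
        offset += length
    return entries


def play(s6: bytes, s4: bytes, bd_keys: dict[int, bytes]):
    """Playback side: find a header matching a held BD_i, recover AD_R, decrypt S4."""
    entries = parse_s6(s6)
    for index, bd in bd_keys.items():
        if index in entries:
            ad_r = decryption(entries[index], bd)
            return decryption(s4, ad_r)
    return None                      # no matching key: playback is not possible


# Constructed sample values (not from the page).
BE = {i: hashlib.sha256(b"constructed BE%d" % i).digest() for i in (4, 6, 7)}
AD_R = hashlib.sha256(b"constructed AD_R").digest()
CONTENTS = b"constructed sample contents"


def demo():
    s4 = encryption(CONTENTS, AD_R)                  # S4 = Encryption(contents, AE_R)
    s6 = build_s6(AD_R, {4: BE[4], 6: BE[6]})        # playback permitted for keys 4 and 6
    permitted = play(s6, s4, {4: BE[4]})
    other = play(s6, s4, {7: BE[7]})
    # Rewriting the header to claim key 7 does not help a device holding only BD_7.
    relabelled = HEADER.pack(7, HEADER.unpack_from(s6)[1]) + s6[HEADER.size:]
    forged = play(relabelled, s4, {7: BE[7]})
    return permitted, other, forged


if __name__ == "__main__":
    print(demo())
```

Unlike a region code that is merely compared, relabelling the header gives a device without the matching key only unusable bytes, because the content decryption key itself never decrypts correctly.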

The media recording section 180 is a device which records the input signal S7 to a recording medium such as an optical disk or a master disk for manufacturing optical disks. For example, when the master disk 101 is used as the recording medium, a laser oscillator for cutting master disk is used as the media recording section 180. On the other hand, when any of various kinds of recordable optical media, such as DVD-R, DVD-RW, DVD-RAM and CD-R, is used as the recording medium, a laser oscillator for recording data is used as the media recording section 180.

Incidentally, as the recording medium on which data are recorded by the media recording section 180, the master disk 101 is generally used when a large number of optical disks is manufactured. When a small number of optical disks is manufactured by on-demand production or the like, various kinds of recordable optical disks are used.

Configuration of the Playback Device

Next, a schematic configuration of the playback device 200, which is an information playback device for playing an optical disk as the recording medium recorded with contents, will be described by referring to a block diagram shown in FIG. 11 and data format diagrams shown in FIG. 12 to FIG. 17.

The playback device 200 is provided with an information reading section 210, an error correction circuit 220, a decryption key storage device 230 as a decryption key storing section, a content decryption key decryption circuit 240 as a content decryption key decrypting section, a data decryption circuit 250 as a content decrypting section and a decoder 260 as a content playback section. The playback device 200 plays contents recorded in the optical disk 201 as the recording medium, and outputs the contents on output equipment such as a display and a speaker.

Here, the optical disk 201 is an optical disk as the recording medium, which is manufactured using, as the original, the master disk 101 on which data is recorded by the recording device 100; for example, the optical disk 201 can be a DVD-ROM or a CD-ROM.

Each of the circuits 220, 240, 250, the decryption key storage device 230 and the decoder 260 may be constituted by dedicated hardware. Alternatively, the playback device 200 may be provided with hardware resources such as a central processing unit (CPU) and a main memory, and the function of each section may be achieved through collaboration between the hardware resources and a program which is installed to be executed by the CPU.

The information reading section 210 is a device such as an optical pick-up, which reads out the information recorded on the optical disk 201 and outputs a signal S11. The signal S11 (S11=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))|Encryption (contents, content encryption key AE_(R))|ECC) is the information read out from the optical disk 201 by the information reading section 210, and is identical with the signal S7. That is, as shown in FIG. 12, the signal S11 includes plural content decryption keys AD_(R) encrypted using plural encryption keys BE_(i), the header information of the respective encryption keys BE_(i), contents encrypted by the content encryption key AE_(R) and the error correction code ECC.

The error correction circuit 220 is a device which performs error correction on the input signal S11. The error correction method is, as described above, a well-known technique using the ECC, so the description thereof will be omitted.

The error correction circuit 220 separates the signal after the error correction into two signals, i.e., the signal S12 (S12=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))) and the signal S13 (S13=Encryption (contents, content encryption key AE_(R))), and outputs the signals therefrom.

Here, as shown in FIG. 13, the signal S12 is identical with the signal S6. That is, the signal S12 is a collection of the content decryption key AD_(R) encrypted by the encryption key BE_(i) and the header information of the encryption key BE_(i).

On the other hand, as shown in FIG. 14, the signal S13 is the contents encrypted by the content encryption key AE_(R), and is identical with the signal S4.

The decryption key storage device 230 is a device which stores plural kinds of decryption keys (decryption keys for decryption keys) BD₁, BD₂, . . . , BD_(j), . . . , BD_(M-1) and BD_(M), which are owned by each of the playback devices 200, and the header information Header (decryption key BD₁), Header (decryption key BD₂), . . . , Header (decryption key BD_(j)), . . . , Header (decryption key BD_(M-1)) and Header (decryption key BD_(M)). In this description, it is assumed that M decryption keys are owned.

The decryption key storage device 230 stores at least one regional decryption key from one or more regional decryption keys, which are allotted to each of the playback regions to which the playback device 200 belongs, and a playback device decryption key allotted to each of the playback devices 200.

Each of the decryption keys BD_(j) stored in the decryption key storage device 230 is arranged so that the relationship of P=Decryption (Encryption (arbitrary data P, encryption key BE_(i)), decryption key BD_(j)) is established between the encryption key BE_(i) and the decryption key BD_(j).

Also, the values of the headers are predetermined so that the relationship of Header (encryption key BE_(i))=Header (decryption key BD_(j)) is established between the header added to the encryption key BE_(i) and the header added to the decryption key BD_(j).

As shown in FIG. 15, the signal S14, which is output from the decryption key storage device 230, is provided with “decryption key BD₁|decryption key BD₂|. . . |decryption key BD_(j)|. . . |decryption key BD_(M-1)|decryption key BD_(M)” and their header information “Header (decryption key BD₁)|Header (decryption key BD₂)|. . . |Header (decryption key BD_(j))|. . . |Header (decryption key BD_(M-1))|Header (decryption key BD_(M))”.

The content decryption key decryption circuit 240 is a circuit which inputs the signals S12 and S14 and determines whether or not the header “Header (encryption key BE_(i))”, which is read out from the optical disk 201, and the header “Header (decryption key BD_(j))”, which is owned by the playback device 200, agree with each other. When they are determined to agree, the circuit decrypts, using the decryption key BD_(j), the encrypted content decryption key AD_(R) (AD_(R)=Encryption (content decryption key AD_(R), encryption key BE_(i))).

That is, the algorithm for decrypting the content decryption key AD_(R) is expressed as: content decryption key AD_(R)=Decryption (Encryption (content decryption key AD_(R), encryption key BE_(i)), decryption key BD_(j)).

This processing is carried out on each of the combinations of i and j until a combination of headers which agree with each other is found. When such a combination is found and the content decryption key AD_(R) is decrypted, the content decryption key decryption circuit 240 outputs a signal S15 (S15=content decryption key AD_(R)) shown in FIG. 16. When no combinations which agree with each other are found, since the content decryption key decryption circuit 240 cannot output the signal S15, the playback device 200 determines that the optical disk 201, which is presently being read out, cannot be played, and every processing is terminated.

The data decryption circuit 250 is a circuit which inputs the signal S13 and the signal S15, decrypts the signal S13 using the signal S15, and outputs Decryption (Encryption (contents, content encryption key AE_(R)), content decryption key AD_(R))=contents, which is the result thereof, as a signal S16 shown in FIG. 17.

The decoder 260 is a circuit which decodes the input signal S16 (S16=contents) and plays the same. For example, when the playback device 200 is connected to a TV or a display, the played contents are output on the TV or the like.

Operation of the Playback Device

Next, the recording operation of contents in the above-described playback device 100 will be described.

Before describing the concrete operation, a key management system in this embodiment, which has a selected region playback managing function of contents, will be described by referring to FIG. 18 and FIG. 19.

Key Management System with Selected Region Playback Managing Function

In this system, a tree for managing the keys is divided into sub-trees based on playback region, and each of the sub-trees is allotted to one playback region. For example, as shown in FIG. 18, in the case where four playback regions 1-4 are formed, four sub-trees corresponding to the respective playback regions are set up.

Each of the nodes of each sub-tree, including the root and the leaves, is allotted with an encryption key BE_(i) and a decryption key BD_(j) corresponding thereto. Each of the playback devices is previously provided with the decryption keys BD_(j) residing in the path from the leaf, to which the playback device itself is allotted, to the root of the sub-tree.

When the encryption key BE_(i) and the decryption key BD_(j) corresponding thereto are in common (identical with each other), as in the secret key method, one key, which is shared between the encryption key BE_(i) and the decryption key BD_(j), is allotted to each of the nodes. On the other hand, when the encryption key BE_(i) and the decryption key BD_(j) are different from each other, as in the public-key method, two kinds of keys, the encryption key BE_(i) and the decryption key BD_(j), are allotted to each of the nodes. In FIG. 18 and FIG. 19, only the decryption key BD_(j) is indicated on the sub-tree and the encryption key BE_(i) is omitted.

Here, the encryption keys BE₄-BE₇ and decryption keys BD₄-BD₇, which are allotted to the root of each sub-tree, are common to every playback device included in each of the playback regions. Accordingly, in the initial state, in which there is no revoked playback device, the above keys function as regional encryption keys and decryption keys for identifying the playback regions.

On the other hand, the encryption keys BE₁₆-BE₃₁ and the decryption keys BD₁₆-BD₃₁, which are allotted to the leaves in each of the sub-trees, are different for each of the playback devices 1-16. Accordingly, the respective keys function as an encryption key and a decryption key of each playback device for identifying the respective playback device.

Also, each of the encryption keys BE₁₆-BE₃₁ and the decryption keys BD₁₆-BD₃₁, and each of the encryption keys BE₈-BE₁₅ and the decryption keys BD₈-BD₁₅ residing in the nodes between the root and the leaves, is unique, with no two keys identical to each other; so if a key is identified, the playback region corresponding to the key is also identified. Therefore, each of the keys functions also as the encryption key and the decryption key of the regions. In other words, any type of regional encryption keys and regional decryption keys may be employed if the playback regions corresponding thereto can be identified based on the keys.

In the example shown in FIG. 18, a binary sub-tree structure is employed as the tree structure. The total number of the playback devices is 16; the number of the playback regions is 4; the number of the playback devices belonging to each of the playback regions is 4; and the number of the decryption keys BD_(j) owned by each playback device is 3. For example, the playback device 4 belonging to the playback region 1 has three decryption keys, BD₄, BD₉ and BD₁₉, which are marked with circles.

Each of these nodes is allotted with different keys. It is arranged so that, among the playback devices belonging to the same playback region (for example, playback devices 1 and 2), common decryption keys (for example, decryption keys BD₄ and BD₈) are provided; but among the playback devices belonging to playback regions different from each other (for example, playback devices 1 and 5), common decryption keys are not provided.

Assuming that the total number of the playback devices is “N”, the number of the playback regions is “R”, and the same number of the playback devices are included in each of the playback regions, then the number of the decryption keys BD_(j) owned by each of the playback devices is log₂(N/R)+1.

For example, when creating a medium 301 which can be played in the playback region 1 only, recorded in the medium 301 are the contents (the contents=Encryption (contents, content encryption key AE_(R1))) encrypted by the content encryption key AE_(R1), and the content decryption key AD_(R1) (AD_(R1)=Encryption (content decryption key AD_(R1), encryption key BE₄)) encrypted by the encryption key BE₄ residing at the root of the playback region 1.

On the other hand, when creating a medium 302 which can be played by the playback devices 3 and 4 only, recorded in the medium 302 are the contents (the contents=Encryption (contents, content encryption key AE_(R34))) encrypted by the content encryption key AE_(R34), and the content decryption key AD_(R34) (AD_(R34)=Encryption (content decryption key AD_(R34), encryption key BE₆)|Encryption (content decryption key AD_(R34), encryption key BE₇)) encrypted by the encryption keys BE₆ and BE₇ residing in the roots of the playback regions 3 and 4.

A pair of the content encryption key and the content decryption key is allotted to each of the combinations of arbitrary playback regions. That is, when a medium is limited to the playback region 1 only, the medium is allotted with the content encryption key AE_(R1) and the content decryption key AD_(R1) for the playback region 1. On the other hand, when a medium is limited to the playback regions 3 and 4 only, the medium is allotted with the content encryption key AE_(R34) and the content decryption key AD_(R34) for the combination of the playback regions 3 and 4.

Likewise, each of the other combinations of playback regions, such as playback region 2 only, 3 only, 4 only, or playback regions 1, 2, 3 and 4, is allotted with one of the pairs of the content encryption key and the content decryption key.

Here, when revoking a specific playback device or devices belonging to a playback region, the revocation processing is made only on the sub-tree in which the playback device(s) to be revoked is/are included. For example, when revoking playback with the playback device 4, as shown in FIG. 19, a sub-tree which covers the playback devices 1-3, excluding the playback device 4, is formed, and a content decryption key AD_(2R1), which is newly set up (renewed), is encrypted using the encryption keys BE₈ and BE₁₈ on the sub-tree and recorded on the new medium 303. The contents are encrypted by a content encryption key AE_(2R1) corresponding to the content decryption key AD_(2R1), and recorded on the new medium 303.

Owing to this arrangement, since the playback device 4 does not have any decryption key corresponding to the encryption keys BE₈ and BE₁₈ of the medium 303, the playback device 4 cannot decrypt the content decryption key AD_(2R1) of the medium 303, and therefore cannot decrypt and play the contents. Also, even when any one of the decryption keys BD₄, BD₉ and BD₁₉ is leaked out, the medium 303 cannot be played by the leaked key. Accordingly, the copyright of the content is protected.

In this case, when the content decryption key AD_(2R1) and the content encryption key AE_(2R1) are changed into keys different from those of the old medium 301, the new medium 303 cannot be played even when the content decryption key AD_(R1) is leaked out.

That is, when a playback device to be revoked is newly found, the content decryption key and the content encryption key are set up after being changed to new keys. As a result, a different content decryption key and content encryption key are used depending on the combination of the playback devices which are permitted to play (not revoked) in a region where content playback is permitted. Accordingly, when the playback device 1 is also revoked, in addition to the playback device 4, a further new content decryption key AD_(3R1) and content encryption key AE_(3R1) are used. In this embodiment, at the right side of the suffix R in the symbol of each key, the number of the playback region is given, and at the left side thereof, the version of the key is given.

This method has the following characteristics: a different content decryption key AD_(R) and content encryption key AE_(R) are used based on the region where playback is permitted, or in accordance with the combination of such regions; and further, the sub-trees for managing the decryption keys BD_(j) and corresponding encryption keys BE_(i) owned by the playback devices are independent from each other based on playback region. Accordingly, even when a content decryption key AD_(R) of a particular playback region or a decryption key BD_(j) owned by a playback device belonging to the playback region is leaked out, only the media which are permitted playback in that playback region are subjected to the influence therefrom, and no influence is rendered to the media which are permitted playback in other playback regions.

In the example shown in FIG. 18 and FIG. 19, the medium influenced by the leakage of the key owned by the playback device 4 is only the medium 301, which permits playback in the playback regions including the playback region 1.

Accordingly, the medium 302 limited to the playback regions 3 and 4 has no relationship with the revocation of the playback device 4; thus, no alteration is required.

In this embodiment, decryption keys BD_(j) different from each other are allotted to each of the playback devices. Therefore, the revocation of each playback device can be controlled only by changing the encryption key BE_(i) recorded in the medium side; each of the playback devices 1-16 has no relationship with the leakage of its own key. Accordingly, no change is required on the decryption key BD_(j) of its own.
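The key layout of FIG. 18 and the revocation of FIG. 19, as described above, can be reproduced with a short model. This is an added example, not code from the patent; the function names are hypothetical, node ids reuse the key subscripts given in the text, and the cover routine is the complete sub-tree selection applied inside each region's sub-tree.

```python
# Added illustration, not code from the patent. Node ids reuse the key
# subscripts in the text: sub-tree roots 4-7, middle nodes 8-15, leaves 16-31.
N_DEVICES = 16   # total playback devices N (FIG. 18 example)
N_REGIONS = 4    # playback regions R; both are assumed to be powers of two


def region_of(device):
    """1-based playback region of a 1-based playback device."""
    return (device - 1) // (N_DEVICES // N_REGIONS) + 1


def device_keys(device):
    """Subscripts j of the keys BD_j a device holds: its leaf up to its sub-tree root."""
    node, path = N_DEVICES + device - 1, []
    while node >= N_REGIONS:      # stop below the roots: no node joins two regions
        path.append(node)
        node //= 2
    return sorted(path)


def leaves_under(node):
    """Leaf node ids contained in the sub-tree rooted at `node`."""
    lo = hi = node
    while lo < N_DEVICES:
        lo, hi = 2 * lo, 2 * hi + 1
    return range(lo, hi + 1)


def cover(node, allowed):
    """Fewest nodes under `node` whose sub-trees hold exactly the allowed leaves."""
    leaves = leaves_under(node)
    if all(leaf in allowed for leaf in leaves):
        return [node]
    if not any(leaf in allowed for leaf in leaves):
        return []
    return cover(2 * node, allowed) + cover(2 * node + 1, allowed)


def select_key_set(regions, revoked=()):
    """Subscripts i of the keys BE_i to record on a medium for the given regions."""
    allowed = {N_DEVICES + d - 1 for d in range(1, N_DEVICES + 1)
               if region_of(d) in regions and d not in revoked}
    keys = []
    for region in sorted(regions):
        keys += cover(N_REGIONS + region - 1, allowed)
    return keys


def can_play(device, key_set):
    """True when the device holds a key matching one recorded on the medium."""
    return bool(set(device_keys(device)) & set(key_set))


if __name__ == "__main__":
    print("device 4 holds BD", device_keys(4))
    print("medium 301 (region 1):", select_key_set({1}))
    print("medium 302 (regions 3, 4):", select_key_set({3, 4}))
    print("medium 303 (region 1, device 4 revoked):", select_key_set({1}, revoked={4}))
```

Because no node sits above the region roots, a key leaked from one sub-tree never intersects the key set recorded for a medium limited to other regions.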

Content Recording Procedure in the Recording Device

Next, the content recording procedures in the recording device 100 of the embodiment will be described by referring to the flowchart in FIG. 20.

When recording contents on the master disk 101, first of all, the recording device 100 prompts to select the regions where playback of the medium is permitted (step ST1). This selection is ordinarily carried out by a content provider (copyright holder) or the like, who creates the medium, by inputting instructions.

When the regions where playback of the medium is permitted are selected and the recording device 100 obtains the selection information, the content encryption key inputting circuit 130 and the content decryption key inputting circuit 120 select (choose) the content encryption key AE_(R) and the content decryption key AD_(R) corresponding to the combination of regions which are permitted to play (step ST2). For example, in FIG. 18, when the playback regions 3 and 4 are selected, the content encryption key AE_(R34) and the content decryption key AD_(R34) corresponding to the combination are selected.

These selected keys are output to the data encryption circuit 140 and the content decryption key encryption circuit 160 as the signals S3 and S4.

Next, the key encryption key inputting circuit 150 prompts to select the playback devices which are permitted playback of the objective medium in the regions where playback is permitted (step ST3). Ordinarily, this selection is also carried out by the content provider. It may be arranged so that, for example, using a display device (output device) such as a display provided to the playback device 100 and an input device such as a keyboard, instructions are given to select every playback device or a particular playback device in the regions where playback is permitted. Further, it may be arranged so that, by storing the information for identifying a playback device whose decryption key BD_(j) has leaked out and preparing a selection of the playback devices that excludes that playback device, the user can easily select the playback devices other than that playback device.

When the playback regions and the playback devices are selected, the key encryption key inputting circuit 150 selects the decryption keys BD_(j) and creates a collection of the predetermined decryption keys BD_(j) (step ST4). Specifically, among the collections of decryption keys BD_(j) in which every selected playback device has at least one decryption key BD_(j) in the collection and the playback devices which are not selected (playback is not permitted) do not have any decryption key BD_(j) in the collection, the collection in which the number of the keys is the smallest is selected.

Also, accompanying the selection of the decryption key BD_(j), the key encryption key inputting circuit 150 selects the encryption key BE_(i) corresponding to the selected decryption key BD_(j) (step ST4).

The key encryption key inputting circuit 150 outputs the selected encryption key BE_(i) to the content decryption key encryption circuit 160 as the signal S5.

Receiving the signals S2 and S5, the content decryption key encryption circuit 160 encrypts the signal S2 (S2=content decryption keys AD_(R)) using the signal S5 (S5=every selected encryption key BE_(i)), and outputs the signal S6, comprised of the encrypted data (the encrypted data=Encryption (content decryption key AD_(R), encryption key BE_(i))) and the header information of each of the encryption keys BE_(i), to the error correction circuit 170 (step ST5).

Also, upon receiving the signal S1 and the signal S3, the data encryption circuit 140 encrypts the signal S1 (S1=contents) using the signal S3 (S3=content encryption key AE_(R)), and outputs the encrypted data (the encrypted data=Encryption (contents, content encryption key AE_(R))) to the error correction circuit 170 as the signal S4 (step ST6).

Upon receiving the signals S4 and S6, the error correction circuit 170 combines the signals S4 and S6 with each other, adds the error correction code thereto, and outputs the result to the media recording section 180 as the signal S7 (step ST7).

The media recording section 180 records the received signal S7 on the master disk 101 as the recording medium (step ST8).

Owing to the above-described steps ST1-ST8, a medium (or a master disk) which can be played in the predetermined playback regions and with predetermined playback devices is manufactured.

Content Playback Procedure in Playback Device

Next, the procedures of playing the medium, which is created by the recording device 100, using the playback device 200, will be described by referring to the flowchart in FIG. 21.

When the optical disk 201 as the recording medium is set up, the playback device 200 reads out the information of the optical disk 201 using the information reading section 210, and outputs the information to the error correction circuit 220 as the signal S11 (step ST11).

Upon receiving the signal S11, the error correction circuit 220 performs the error correction processing, and outputs the signal S12 (S12=Header (encryption key BE_(i))|Encryption (content decryption key AD_(R), encryption key BE_(i))) and the signal S13 (S13=Encryption (contents, content encryption key AE_(R))) to the content decryption key decryption circuit 240 and the data decryption circuit 250 respectively (step ST12).

The content decryption key decryption circuit 240 compares the Header (encryption key BE_(i)) of the signal S12 and the Header (decryption key BD_(j)) of the M decryption keys BD_(j) stored in the decryption key storage device 230, and checks whether or not there are any Headers which agree with each other (step ST13).

Here, in the case there are Headers which agree with each other (i.e., in case of Yes), the content decryption key decryption circuit 240 decrypts the content decryption key AD_(R) using the decryption key BD_(j) stored in the decryption key storage device 230, and outputs the key to the data decryption circuit 250 as the signal S15 (step ST14).

Upon receiving the signal S15, the data decryption circuit 250 decrypts the contents using the content decryption key AD_(R), and outputs the contents to the decoder 260 as the signal S16 (step ST15).

Upon receiving the signal S16, the decoder 260 plays (decodes) the contents (step ST16). When the playback of the contents completes, the playback processing by the playback device 200 is also terminated (step ST17).

On the other hand, in step ST13, in the case there are no Headers which agree with each other (i.e., in case of No), since the playback by the playback device 200 is not permitted, the optical disk 201 terminates the processing without playing the contents (step ST17).
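The recording steps ST5 to ST7 and the playback steps ST13 to ST15 can be followed end to end in a small model of the signals S6/S12 and S4/S13. This is an added example, not code from the patent: it assumes the secret key method (BE_(i)=BD_(j), AE_(R)=AD_(R)), uses the node subscript as the header value, omits the ECC, and stands in a SHA-256 keystream for the unspecified Encryption()/Decryption() functions; all names and key values are constructed.

```python
import hashlib
import os

# Key subscripts held by some devices. Device 4's set is stated in the text;
# the others follow from the same node numbering (assumption).
DEVICE_KEYS = {1: [4, 8, 16], 3: [4, 9, 18], 4: [4, 9, 19], 5: [5, 10, 20]}

# Constructed content keys: AD_R1 for the old medium 301, AD_2R1 after renewal.
AD_R1 = hashlib.sha256(b"constructed AD_R1").digest()
AD_2R1 = hashlib.sha256(b"constructed AD_2R1").digest()


def node_key(j):
    """Constructed stand-in for the shared key BE_j = BD_j at tree node j."""
    return hashlib.sha256(b"constructed node key %d" % j).digest()


def toy_cipher(key, nonce, data):
    """Stand-in for Encryption()/Decryption(): XOR with a SHA-256 keystream.

    Illustration only. It is its own inverse and gives no integrity
    protection; a real system would use a vetted authenticated cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def record(contents, content_key, key_ids):
    """Steps ST5-ST7 without the ECC: build S6 and S4 for one medium."""
    nonce = os.urandom(16)   # per-medium value so keystreams are never reused
    s6 = [(j, toy_cipher(node_key(j), nonce, content_key)) for j in key_ids]
    s4 = toy_cipher(content_key, nonce, contents)
    return {"nonce": nonce, "S6": s6, "S4": s4}


def play(medium, owned_ids):
    """Steps ST13-ST15: return the contents, or None when no header agrees."""
    owned = {j: node_key(j) for j in owned_ids}
    for header, wrapped in medium["S6"]:
        if header in owned:                      # ST13: headers agree
            ad_r = toy_cipher(owned[header], medium["nonce"], wrapped)  # ST14
            return toy_cipher(ad_r, medium["nonce"], medium["S4"])      # ST15
    return None                                  # playback not permitted


if __name__ == "__main__":
    contents = b"constructed sample contents"
    medium_301 = record(contents, AD_R1, [4])        # region 1, nobody revoked
    medium_303 = record(contents, AD_2R1, [8, 18])   # device 4 revoked
    for device in sorted(DEVICE_KEYS):
        print(device, play(medium_301, DEVICE_KEYS[device]),
              play(medium_303, DEVICE_KEYS[device]))
```

Header agreement only selects which stored key to try; it does not authenticate the medium, so the model (like the described flow) returns whatever the selected key decrypts to.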

Effect of the First Embodiment

According to the first embodiment, the contents are encrypted using the content encryption keys AE_(R), which are different for each of the combinations of regions where playback is permitted, and the content decryption key AD_(R) for decrypting the above is encrypted by plural encryption keys BE_(i). Accordingly, by encrypting the content decryption key AD_(R) using an encryption key BE_(i) corresponding to a decryption key BD_(j) owned only by a playback device that is permitted playback, and recording the key in the recording medium, the playback devices permitted to play the contents can be controlled.

These encryption keys BE_(i) and decryption keys BD_(j) are set up so as to be different for each of the preset regions. Accordingly, by using only an encryption key BE_(i) that is set up in the regions where playback is permitted, the limited regional playback control can be carried out without using any region code.

Further, by setting up the encryption key BE_(i) appropriately, the playback can be controlled individually even for the playback devices residing in a region where playback is permitted.

Owing to this arrangement, compared to the conventional method, which performs the playback management using the region code only, much higher security can be achieved from the point of view of copyright protection of the contents.

Furthermore, the content decryption keys AD_(R) and the content encryption keys AE_(R) different for each of the regions or the combination of the regions where playback is permitted are used, and the sub-trees, which manage the decryption keys BD_(j) owned by the playback devices and the corresponding encryption keys BE_(i), are independent from each other within each of the playback regions. Accordingly, even when a content decryption key AD_(R) in a particular playback region or a decryption key BD_(j) owned by a playback device belonging to the playback region is leaked out, no influence is rendered to the media or the playback devices which are permitted playback in other playback regions. Owing to this arrangement, compared to the conventional case set forth in the documents 1 and 2, where a tree structure which is not divided based on playback region is employed and the content encryption keys and the content decryption keys do not differ with the region where playback is permitted, preventive measures against the leakage of the key can be taken extremely simply.

By using two different kinds of encryption keys, the content encryption key AE_(R) and the encryption key BE_(i), as the protective measures against the leakage of the content decryption keys AD_(R), the content decryption keys AD_(R) can be renewed without requiring any changes to the decryption keys or the like at the playback device side.

Accordingly, even when a content decryption key AD_(R) is leaked out, the protective measures are taken by just creating a new medium using a new content decryption key AD_(2R), and no alteration of the decryption key BD_(j) is required at the playback device side. Owing to this arrangement, compared to the case where the alteration is required also at the playback device side, the corrective measures against the leakage of the content decryption keys AD_(R) can be readily taken; thus, the effectiveness of the copyright protection can be increased.

Also, even when a decryption key BD_(j) of a playback device is leaked out, by changing the record at the medium side, only the decryption key BD_(j) owned by a particular playback device, among all the playback devices in the objective playback regions, can be revoked. Accordingly, the decryption key BD_(j) enabling the playback can be changed without requiring any alteration at the playback device side.

As described above, the playback device at the user side requires no alteration, and the preventive measures can be taken at the content supplier side only. Accordingly, the contents can be protected much more effectively and swiftly.

According to the embodiment, selected playback region control is achieved with the key management system having a modified tree structure, without using any region code. In a system which uses the key management system employing the tree structure for the purpose of copy protection, when the selected playback region control method of the present invention is added thereto, no devices need to be added at either the medium side or the playback device side. Accordingly, the control method of the present invention can be introduced thereto extremely easily and at low cost.

That is, when using the copy protection system with the key management system having the tree structure together with the selected playback region control using a flag such as a region code, the flag has to be added to the medium side in addition to the key information, and a device for identifying the flag has to be provided to the playback device side in addition to the processing devices for the key information. Compared to the above, according to the embodiment, only the key information is recorded at the medium side and the flag does not have to be added; at the playback device side also, the device to process the flag does not have to be provided. Accordingly, the circuits and the like can be configured simply, and thus the cost also can be reduced. Additionally, selected playback region control like that in the case where the conventional flag is used can be achieved, and the copy protection system corresponding to the key management system can be achieved as well. Thus, a copyright protection function equivalent to or higher than that of the conventional method can be achieved.

Since the tree structure is divided based on the preset playback regions, the number of the decryption keys BD_(j), which are previously owned by the playback device side, can be reduced. That is, in the conventional key management structure shown in FIG. 1 and FIG. 2, when the number of the playback devices is N, each of the playback devices has log₂N+1 decryption keys. On the other hand, according to the embodiment, when the number of the playback regions is R, the number of the decryption keys BD_(j) owned by each of the playback devices can be reduced to log₂(N/R)+1. Accordingly, the storage capacity of the decryption key storage device 230 in the playback device 200 can be reduced; thus, the cost for that also can be reduced.

Depending on the number of the playback regions where playback is permitted at the same time, compared to the conventional method, the upper limit of the data amount of the encrypted content decryption key AD_(R) (Encryption (content decryption key AD_(R), encryption key BE_(i))) to be recorded in the medium can be reduced.

That is, when the conventional complete sub-tree method is used as shown in FIG. 1 and FIG. 2, the upper limit of the number of the encrypted content decryption keys AD_(R) (Encryption (content decryption key AD_(R), encryption key BE_(i))) to be recorded in a medium is, assuming that the number of the playback devices to be revoked is “r” and the total number of the playback devices is “N”, expressed as r log₂(N/r). According to the method of the embodiment, the complete sub-tree methods are used independently from each other based on the playback regions. When the number of the playback regions where playback is permitted at the same time is one, the number of the playback devices is in effect reduced from “N” to N/R (R is the total number of the playback regions). Owing to this, the upper limit of the number of the content decryption keys AD_(R) to be recorded in the medium becomes r log₂(N/(Rr)). Thus, compared to the conventional method, the number can be considerably reduced.

On the other hand, when there are plural playback regions where playback is permitted at the same time, in the initial state (a state in which no playback device is revoked in the objective playback regions), the content decryption keys AD_(R) have to be encrypted using the encryption key BE_(i) allotted to every root of the objective playback regions, and recorded in the medium. Due to this overhead, the upper limit of the number of the content decryption keys AD_(R) recorded in each of the media is not always reduced. However, generally, compared to the overhead due to the increase of the number of the playback regions where playback is permitted at the same time, the overhead due to the increase of the number of the playback devices to be revoked is much larger. Accordingly, in the ordinary operation, the increase can be almost negligible. The actual number of the content decryption keys AD_(R) can be reduced.

Assuming that the data amount of the encrypted content decryption key AD_(R) recorded in the medium is constant, the upper limit of the number of playback devices that can be revoked can be increased. Accordingly, a large number of playback devices can be revoked.

Since the medium also stores header information indicating the kind of the encryption key for decryption key, by referring to the header information, each of the playback devices can determine easily and swiftly whether or not the decryption is possible using the decryption key for decryption key owned by that playback device. Higher-speed decryption processing can thus be achieved.

Second Embodiment

Next, a second embodiment of the present invention will be described by referring to FIG. 22.

The second embodiment differs from the first embodiment only in that plural tree structures are formed in one region. Other configurations such as the recording device 100 and the playback device 200 are identical with those in the first embodiment. Therefore, the descriptions of these configurations will be omitted, and only the key management system will be described.

In this embodiment, the playback region 1 is formed with two tree structures. Like the first embodiment, each of the nodes including the root and the leaves of each sub-tree is allotted with one encryption key BE_(i) and one decryption key BD_(j) respectively. Each of the playback devices is previously provided with the decryption keys BD_(j) residing on a path from the leaf to which the playback device itself is allotted to the root of the sub-tree.

Like the first embodiment, each of the encryption keys BE_(i) and the decryption keys BD_(j) is a unique key, which is different from the encryption key BE_(i) and the decryption key BD_(j) allotted to each of the other nodes, and it is arranged so that no identical key is included among the encryption keys BE_(i) and the decryption keys BD_(j). Accordingly, the keys provided to each of the nodes of the two tree structures in the playback region 1 are also keys different from each other.

Therefore, the regional encryption key and the decryption key in the playback region 1 include at least two kinds of keys of the encryption key BE₄, BE₅ and the decryption key BD₄, BD₅ respectively allotted to the root of the two sub-trees in the playback region 1. Accordingly, the medium 304 for the playback region 1 is recorded with the content decryption key AD_(R1) encrypted by the encryption keys BE₄ and BE₅.

As for the method of allotting the plural tree structures in the playback region 1, in the case where, for example, each of the playback regions is set up in a range corresponding to the present region code, an appropriate method may be chosen when carrying out the embodiment; for example, the regions within a region code may be set up more finely, or the tree structures may be allotted on the basis of the manufacturer of the playback device.

In the playback region 1, two sub-trees are provided. However, three or more sub-trees may be provided. In the other playback regions 2-4 also, two or more sub-trees may be provided. In other words, it is acceptable when each of the playback regions 1-4 is provided with one or more sub-trees (tree structures) to manage the keys.

Effect of the Second Embodiment

In the second embodiment also, as described above, the same effect as that in the first embodiment can be obtained.

Further, by providing plural tree structures (sub-trees) in one playback region, as in the playback region 1, even when the number of the playback devices disposed in the playback region is large, it is possible to reduce the number of layers of the tree structure. Accordingly, the key management can be carried out easily. Particularly, in one playback region 1, by dividing the sub-tree based on, for example, country, prefectural region, or the manufacturer of the playback devices or the like, the key management can be carried out easily. Accordingly, a user-friendly key management system can be provided.

Third Embodiment

Next, a third embodiment of the present invention will be described by referring to FIG. 23 to FIG. 25.

The third embodiment is different from the first embodiment in the key management system. Other configurations such as the recording device 100 are identical with those in the first embodiment. Therefore, descriptions of these configurations will be omitted, and only the key management system will be described.

The key management system of this embodiment is an application of the tree pattern division system set forth in the document 2. As described in the document 2, the tree pattern division system allots keys to each node of the tree structure, in the layer in which the node is positioned, in accordance with the node revocation patterns of the layer that is lower by one layer than the node.

That is to say, as shown in FIG. 23 and FIG. 24, at the root (layer 0) of each playback region, keys “₀₋₀K₀₀₀₀” to “₀₋₀K₁₁₁₀” corresponding to the patterns for invalidating each node (node 0-3) in the lower layer (layer 1) are set up. It should be noted that, as shown in FIG. 24, the number at the left side of “K” indicates “layer number-relative node number”, and the four-figure number at the right side indicates the “node revocation pattern”. In the node revocation pattern, each figure corresponds to one of the nodes 0-3, and the figure corresponding to a node to be revoked is indicated by “1”. In this embodiment, since a 4-ary tree structure is employed, the node revocation pattern is also 4-figure (4-bit). In the case of a 3-ary tree structure, the pattern is expressed by 3 figures (3 bits). Incidentally, “₀₋₀K₁₁₁₁” indicates a case where every node is revoked, and in this case, since it is not necessary to set up a key for playback, that key is not provided.

By recursively allotting different keys to these revocation patterns in each node of each layer, the keys corresponding to each of the revocation patterns are allotted. In the layers lower than the layer 1, the key which makes every node effective is expressed by “₁₋₀K₀₀₀₀” or the like. However, since making every node effective is achieved by making the nodes in the layer 1 effective using the upper layer, such a key is not provided. Also, for the same reason as in the case of the root, the key which revokes every node is not provided.

Each of the playback devices has the keys corresponding to the patterns which cause the playback device itself to be effective, i.e., not to be revoked. For example, in FIG. 24, the playback device 4 has the following 15 keys (in FIG. 24, keys marked with thick frame). That is, among the keys of the layer 0, the keys “₀₋₀K_(0***)”, which cause the node 0 in the layer 1, to which the playback device 4 itself belongs, to be effective; i.e., 8 keys (in FIG. 24, keys marked with thick frame) of which the left end figure in the 4-figure pattern (the figure corresponding to the node 0 in the layer 1) is “0”, indicating “effective”; and among the keys set up in the node 0 of the layer 1, the keys “₁₋₀K_(***0)”, which cause the playback device 4 to be effective; i.e., 7 keys (in FIG. 24, keys marked with thick frame) of which the right end figure in the 4-figure pattern is “0”.

In the tree pattern division system, which is set up as described above, when revoking a playback device, the key of a pattern which revokes the playback device is selected, and the decryption key is encrypted using the key. For example, as shown in FIG. 25, when revoking the playback devices 4 and 7, from the layer 0, the key “₀₋₀K₁₁₀₀” corresponding to the pattern which causes the playback devices 9-16 only to be effective is selected; in the layer 1, the keys “₁₋₀K₀₀₀₁” and “₁₋₁K₀₀₁₀” corresponding to the patterns which revoke the playback devices 4 and 7 in the nodes 0 and 1 are selected.

When the content decryption key AD is encrypted using these keys and recorded in the medium, since the playback devices 9-16 are provided with the decryption key BD corresponding to the key “₀₋₀K₁₁₀₀”, the content decryption key AD can be decrypted using the key BD; thus, the contents can be decrypted. Also, since the playback devices 1-3, 5, 6 and 8 are revoked with respect to the key “₀₋₀K₁₁₀₀”, the contents cannot be decrypted with that key. However, since they are provided with the decryption key BD corresponding to the keys “₁₋₀K₀₀₀₁” and “₁₋₁K₀₀₁₀”, the content decryption key AD can be decrypted using the key BD owned by them; thus, the contents can be decrypted.
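The key selection and key possession rules described above can be traced with a short program. This is an added example, not code from the patent: the function names are hypothetical, keys are represented only by their labels (written as 0-0K1100 and so on), and the revocation pattern is computed recursively so that revoked sets other than the devices 4 and 7 of FIG. 25 are also covered.

```python
from itertools import product

ARITY = 4   # 4-ary tree, as in the third embodiment
DEPTH = 2   # key-bearing layers 0 and 1; leaves are playback devices 1-16


def key_name(layer, node, pattern):
    """Label in the page's notation: layer-node, 'K', revocation pattern."""
    return f"{layer}-{node}K{''.join(str(bit) for bit in pattern)}"


def leaves_under(layer, node):
    """Device numbers (1-based) below node `node` of layer `layer`."""
    span = ARITY ** (DEPTH - layer)
    return range(node * span + 1, (node + 1) * span + 1)


def select_keys(revoked):
    """Labels of the keys under which the content decryption key AD is encrypted."""
    revoked = set(revoked)
    chosen = []

    def visit(layer, node):
        # A figure is 1 when the child subtree contains a revoked device.
        pattern = tuple(
            int(any(d in revoked for d in leaves_under(layer + 1, node * ARITY + c)))
            for c in range(ARITY)
        )
        # No key exists for "every node revoked"; the all-zero pattern is
        # only used at the root, when nothing at all is revoked.
        if not all(pattern) and (any(pattern) or layer == 0):
            chosen.append(key_name(layer, node, pattern))
        if layer + 1 < DEPTH:
            for c, bit in enumerate(pattern):
                if bit:  # devices below a revoked child need a lower-layer key
                    visit(layer + 1, node * ARITY + c)

    visit(0, 0)
    return chosen


def device_keys(device):
    """Labels of the keys a device holds: every pattern that keeps it effective."""
    held = set()
    for layer in range(DEPTH):
        span = ARITY ** (DEPTH - layer)
        node = (device - 1) // span
        child = ((device - 1) % span) // (span // ARITY)
        for pattern in product((0, 1), repeat=ARITY):
            if pattern[child] == 1:
                continue  # this pattern revokes the device's own branch
            if layer > 0 and not any(pattern):
                continue  # all-zero key is not provided below the root
            held.add(key_name(layer, node, pattern))
    return held


def can_play(device, revoked):
    """True when the device holds at least one key recorded on the medium."""
    return bool(device_keys(device) & set(select_keys(revoked)))


if __name__ == "__main__":
    print(select_keys({4, 7}))
    print([d for d in range(1, 17) if can_play(d, {4, 7})])
```
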

As shown in FIG. 23, in this embodiment, the tree structures (sub-trees) as described above are provided independently based on playback region, and the keys corresponding to each of the patterns are unique keys respectively. Accordingly, the playback regions also can be identified based on any of the keys. Accordingly, each of these keys functions as the regional encryption key and the decryption key.

Like the second embodiment, each of the playback regions may be provided with two or more tree structures (sub-trees).

Effect of the Third Embodiment

In the third embodiment also, content decryption keys AD and content encryption keys AE, which are different for each of the regions or combination of the regions where playback is permitted, are used; and the decryption keys owned by the playback devices and the sub-trees for managing the corresponding encryption keys are independent from each other depending on the playback region. Even when a content decryption key AD of a particular playback region or a decryption key owned by a playback device belonging to the playback region is leaked out, the media or the playback devices which are permitted playback in other playback regions are subjected to no influence. Thus, the same working as the first and second embodiments is obtained.

Further, the tree pattern division system is employed as the key management system. Therefore, when revoking a playback device, compared to the above embodiments, it is possible to prevent the amount of the keys to be recorded on the medium side from increasing. That is, when revoking, in each node from the playback device to be revoked to the root, only one key corresponding to the pattern is selected. Therefore, even when the number of the playback devices to be revoked is large, it is possible to prevent the number of the keys to be recorded on the medium from increasing. Accordingly, the region for recording the keys can be made smaller, and the recording amount of the contents can be made larger.

Fourth Embodiment

Next, a fourth embodiment of the present invention will be described by referring to FIG. 26.

In the above-described embodiments, the content data are directly encrypted using the content encryption key, and the encrypted data are directly decrypted using the content decryption key. In the record playback system of the fourth embodiment, the content data are encrypted indirectly using the content encryption key, and the encrypted data are decrypted indirectly using the content decryption key.

In this embodiment, the recording device 500 comprises a title key setting circuit 510 for setting up and outputting a title key S32, which is set up for every title of the contents S31, a one-way function circuit 520 and a content encryption circuit 530. The one-way function circuit 520 receives data S33, which is a part of the contents S31, together with the title key S32, and outputs the value (data) S34 used to encrypt the contents. Incidentally, the one-way function circuit 520 is a circuit using a one-way function, in which the input value can hardly be obtained from the output value.

The content encryption circuit 530 encrypts the contents S31 using the value (data) S34 output from the one-way function circuit 520 as the encryption key, and outputs the content encryption data S35.

Also, the key managing center 600 comprises a content key inputting circuit 610, a title key encryption circuit 620, an encryption key for decryption key inputting circuit 630 and a content key encryption circuit 640.

In accordance with the content playback region, the title key encryption circuit 620 encrypts the title key S32 using the content key (content encryption key) S41 input by the content key inputting circuit 610, and outputs title key encryption data S42.

The content key encryption circuit 640 in the key managing center 600 encrypts the content key S41 (which here functions as the content decryption key) using an encryption key for decryption key S43, which is input by the encryption key for decryption key inputting circuit 630 in the key managing center 600 in accordance with the playback regions of the contents and the playback devices that are permitted playback, and outputs content key encryption data S44.

Then, the content encryption data S35, the title key conversion data S33, which is the part of the data of the contents, the title key encryption data S42, and the content key encryption data S44 are recorded on an optical disk 501 or a master disk thereof.

On the other hand, the playback device 700 is provided with a decryption key storage device 710, a content key decryption circuit 720, a title key decryption circuit 730, a one-way function circuit 740 and a content decryption circuit 750.

The decryption key storage device 710 stores a decryption key for decryption key S51 corresponding to the playback device 700. When the optical disk 501 is read out, the content key decryption circuit 720 decrypts the read-out content key encryption data S44 using the decryption key for decryption key S51. At this time, when the playback device 700 is a playback device with which the playback is permitted, the content key decryption circuit 720 succeeds in the decryption. When the playback device 700 is not a permitted playback device, since the playback device 700 does not have the decryption key for decryption key S51 corresponding to the encryption key for decryption key S43, the playback device 700 fails in the decryption; thus, the contents cannot be decrypted.

Upon succeeding in the decryption, the content key decryption circuit 720 outputs content key data S52. The content key data S52 is used as the decryption key in the title key decryption circuit 730 to decrypt a title key S53.

The decrypted title key S53 and the title key conversion data S33 are input to the one-way function circuit 740, which is the same as the one-way function circuit 520, and a value S54, which is the same as the value S34, is output.

Then, the content decryption circuit 750 decrypts the content encryption data S35 using the value S54 to output the contents.

Effect of the Fourth Embodiment

According to the embodiment as described above, in place of encrypting the contents directly using the content encryption key, the contents are encrypted indirectly via the title key and the one-way function circuit 520. Accordingly, by changing the title key, the content encryption data can be readily changed. Thus, the copyright protection function can be further enhanced. Particularly, even when the content key, which is set up based on playback region, is not changed, by changing the title key only, the content encryption data can be changed. Accordingly, the title key can be changed frequently based on the kind of the contents; thus, the copyright protection function can be further enhanced.
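The recording and playback data flow of the fourth embodiment (signals S31 to S54) can be followed end to end in a short program. This is an added example, not the patent's implementation: the patent names no cipher or one-way function, so SHA-256 as the one-way function, the `seal`/`unseal` stand-in cipher (illustration only, not a production cipher) and all function names are assumptions.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, length):
    """SHA-256 in counter mode; stand-in for the unspecified cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt and tag so that decryption with a wrong key is detected."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when `key` is not the sealing key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, nonce, len(body))))


def one_way(title_key, conversion_data):
    """One-way function circuits 520 and 740 (SHA-256 is an assumption)."""
    return hashlib.sha256(title_key + conversion_data).digest()


def record(contents, title_key, content_key, region_keys):
    """Recording device 500 plus key managing center 600: build the disk image."""
    s33 = contents[:16]                      # S33: part of the contents S31
    s34 = one_way(title_key, s33)            # S34: value used as encryption key
    return {
        "S35": seal(s34, contents),          # content encryption data
        "S33": s33,                          # title key conversion data
        "S42": seal(content_key, title_key), # title key encryption data
        # S44: content key S41 under each permitted key for decryption key S43
        "S44": [seal(k, content_key) for k in region_keys],
    }


def play(medium, device_key):
    """Playback device 700: returns the contents, or None if not permitted."""
    for blob in medium["S44"]:
        content_key = unseal(device_key, blob)       # S52
        if content_key is not None:
            break
    else:
        return None                                  # no matching S51: fail
    title_key = unseal(content_key, medium["S42"])   # S53
    s54 = one_way(title_key, medium["S33"])          # S54 equals S34
    return unseal(s54, medium["S35"])


if __name__ == "__main__":
    contents = b"constructed sample frame " * 8      # constructed sample input
    region1, region2 = secrets.token_bytes(32), secrets.token_bytes(32)
    disk = record(contents, secrets.token_bytes(16), secrets.token_bytes(32), [region1])
    print(play(disk, region1) == contents, play(disk, region2))
```
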

The key managing center 600 may be established as an independent organization. Or, the key managing center 600 may be incorporated in the recording device 500 side; i.e., a copyright holder having the contents or a manufacturing company which manufactures the optical disk 501.

Modification of the Embodiment

The present invention is not limited to the above-described embodiments. In a range that the object of the present invention is achieved, the following modifications are also included.

For example, the key management system of the encryption key for decryption key and the decryption key for decryption key is not limited to the key management system described in the first and second embodiments or to the tree pattern division system described in the third embodiment. For example, another key management system such as “the subset difference method” described in the above document 1 may be employed.

Also, the key management system is not always limited to a key management system using the tree structure; another system may be employed. For example, a key management system as described below may be employed. That is, by previously preparing corresponding information between the encryption key for decryption key and the decryption key set up in each of the playback devices, and the playback regions to which each of such playback devices belongs, each of the content decryption keys is encrypted using the encryption keys for decryption key of the respective playback devices belonging to the regions where playback is permitted. In other words, it is acceptable when pairs of the encryption key for decryption key for encrypting the content decryption key and the decryption key for decryption key corresponding thereto are at least different from each other among the preset regions.

In essence, when carrying out the embodiment, the management system of the encryption key for decryption key and the decryption key for decryption key provided to each of the playback devices to revoke each playback device can be appropriately selected; it is acceptable as long as the keys are managed at least as different keys among the playback regions.

In the case where the tree structure is employed, the number of the keys used can also be controlled corresponding to the number of the playback devices to be revoked. Particularly, in an initial stage in which the number of the playback devices to be revoked is small, the number of the keys used is very small. Thus, the key management can be carried out easily.

Further, the configuration of the recording device 100, 500 and the playback device 200, 700 is not limited to the above embodiments. In essence, it is acceptable when the recording device can encrypt the content data by directly or indirectly using the content encryption keys, and when the playback device can decrypt the encrypted data by directly or indirectly using the content decryption key.

In other words, in this invention, the wording “to encrypt the contents by using the content encryption key” means to encrypt the contents by directly or indirectly using the content key. Likewise, the wording “content decryption key used to decrypt the encrypted contents” means the key which can decrypt the contents by being directly or indirectly applied to the contents.

Furthermore, in the above embodiments, the content encryption key and the content decryption keys are arranged based on the regions where playback of the contents is permitted, or in accordance with the combination of regions where playback thereof is permitted, and when a playback device to be newly revoked is found, the keys are replaced with new ones. The keys may be arranged in accordance with the combination of the playback devices which belong to a playback permitted region and are permitted to play the contents. In this case also, since the playback devices themselves are divided based on playback region, the content encryption key and the content decryption key result in different keys respectively based on at least playback region or the combination thereof. In this case, different from the flowchart in FIG. 20, each of the content encryption keys, the content decryption keys and the encryption keys for decryption key are set up after the playback regions and the playback devices are appointed.

Still further, the recording medium for recording the encrypted contents and the content decryption key is not limited to the optical disk. Various kinds of storage medium such as magnetic disk, magnetic tape, and memory card may be employed. The media recording section 180 of the recording device 100 and the information reading section 210 of the playback device 200 may be appropriately set up in accordance with the kind of the employed recording medium.

Still furthermore, the encrypted contents and the content decryption key may be recorded on a recording medium such as a magnetic disk, which is incorporated in a content delivery server as the information delivery device. By providing a delivery device to the content delivery server for delivering the encrypted contents and content decryption key recorded in the recording medium, it is possible to transmit encryption data of the content and content decryption key to the playback devices 200, which access thereto via the Internet or LAN. Preferably, each of the playback devices 200 receives the encryption data, decrypts and plays the data.

The content encryption key AE_(R) and the content decryption key AD_(R) are set up in accordance with the playback regions where playback is permitted or the combination thereof. And it is arranged so that, as in the case of media 301 and 303, when a playback device to be revoked in the same playback region occurs, and when the combination of the playback devices permitted to play back the data is different from each other, different keys are used. However, it may be arranged so that, also in the case where the combination of permitted playback regions is the same and the combination of the playback devices permitted to play back the data is the same, different keys are used. The kind of the delivered contents is not limited to music data; images and characteristic information such as news may be included. The contents may be appropriately set up corresponding to the customer needs. The kind of the contents may be appropriately selected when carrying out content delivery business.

The recording device 100 is not limited to an exclusive device combined with various kinds of hardware, but may be configured by providing an information recording program to a general purpose equipment such as a computer. Particularly, when the recording device 100 is configured by combining the information recording program with a computer having a drive capable of writing on a DVD-R or the like, a small amount of information recording media can be manufactured at a low cost.

The playback device 200 is not limited to an exclusive playback equipment such as a DVD playback equipment, but may be configured by combining an information playback program with a general purpose equipment such as a computer.

That is, as the playback device 200, for example, various kinds of exclusive equipment such as portable phone set having various kinds of wireless and/or cable communication functions, PDA (Personal Digital Assistant), audio equipment, car audio equipment and general-purpose equipment represented by PC are available.

To constitute the recording device 100 and the playback device 200 using the programs, the programs are installed in a computer or the like via a communication method such as the Internet, or a recording medium such as a CD-ROM and a memory card, and the CPU is caused to operate by the installed program.

The playback regions for managing the permission and inhibition of the content playback are ordinarily divided in accordance with regions which are set up geographically, such as municipality, prefecture, country and continent. However, for example, the regions may be set up based on other than geography, like the case where the management is carried out so that contents can be played by only a playback device of a particular manufacturer.

As for particular configuration for carrying out the present invention, configuration and/or procedures other than the above may be adopted in a range that the object of the present invention is achieved.

INDUSTRIAL APPLICABILITY

The present invention is applicable to an information recording medium, an information recording device, an information playback device, an information delivery device, their method, their program and a recording medium recording the program. Particularly, the present invention is applicable to optical disks such as DVDs (Digital Versatile Disc) as a recording medium (information recording medium) recording contents (information and data) of multimedia data or the like such as music and images.

1. An information recording medium recording contents encrypted using a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key, wherein the encryption key for decryption key is different for each of the regions preset for at least controlling the permission and inhibition of playback of the contents, the content encryption key and the content decryption key are established corresponding to each of the regions where the content playback is permitted, or corresponding to the combination of the regions where content playback is permitted.
2. An information recording medium according to claim 1, wherein the content decryption key is encrypted by the one or more encryption keys for decryption key provided corresponding to the playback device with which the content playback is permitted.
3. An information recording medium according to claim 1, wherein header information indicating the kind of the encryption key for decryption key is further recorded therein.
4. An information recording medium according to claim 1, wherein the content encryption key and the content decryption key belong to a region where content playback is permitted, and are established corresponding to a combination of playback devices with which the content playback is permitted.
5. An information recording medium according to claim 1, wherein, when the content playback in a predetermined playback device is newly revoked, the content encryption key and the content decryption key are renewed to a new key respectively.
6. An information recording medium according to claim 1, wherein the encryption keys for decryption key are managed by a key management system using one or more tree structures provided independently for the each region.
7. An information recording medium according to claim 6, wherein the encryption keys for decryption key are managed by a key management system employing one or more tree structures for each of the regions in the state in which one encryption key specified for region independently provided to each of the regions is a root and encryption keys specified for playback device provided to each of the playback devices are the leaves.
8. An information recording medium according to claim 6, wherein each of the tree structures employs an n-divided tree (n≧2).
9. An information recording medium according to claim 6, wherein the encryption keys for decryption key are managed by a key management system employing an n-divided tree (n≧2) in the state in which one encryption key specified for region independently provided to each of the regions is a root and encryption keys specified for playback device, provided to each of the playback devices are the leaves.
10. An information recording device, comprising: a content encryption key inputting section for establishing and inputting a content encryption key corresponding to each of the regions where playback of the contents is permitted, or corresponding to combination of the regions where content playback is permitted; a content decryption key inputting section for establishing and inputting a content decryption key utilized for decrypting the contents encrypted by the content encryption key; an encryption key for decryption key selecting section for selecting an encryption key for decryption key corresponding to the region where playback of the contents is permitted; a content encryption section for encrypting the contents utilizing the content encryption key; a content decryption key encrypting section for encrypting the content decryption key using the encryption key for decryption key, and a recording section for recording at least the encrypted contents and the encrypted content decryption key to an information recording medium.
11. An information playback device for playing information including contents encrypted utilizing a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key, comprising: a decryption key storing section storing a decryption key for decryption key for decrypting the content decryption key encrypted by the encryption key for decryption key; a content decryption key decrypting section for decrypting the content decryption key by using the decryption key for decryption key; a content decrypting section for decrypting the contents by utilizing the content decryption key, and a playback section for playing the decrypted contents, wherein the decryption keys for decryption key is different for each of the regions preset for at least controlling the permission and inhibition of the content playback, the content encryption key and the content decryption key are established corresponding to each of the regions where content playback is permitted, or corresponding to the combination of the regions where content playback is permitted.
12. An information playback device according to claim 11, wherein the decryption key storing section stores therein plural kinds of decryption keys for decryption key including decryption keys specified for region established corresponding to regions where information playback devices belong to, and decryption keys specified for playback device allotted to each of the information playback devices.
13. An information playback device according to 12, wherein the plural kinds of decryption keys for decryption key are allotted and stored to each of the playback devices with the management of a key management system employing one or more tree structures independently provided for each of the regions.
14. An information playback device according to 13, wherein the decryption key for decryption key are managed by a key management system employing one or more tree structures for each of the regions in a state that a decryption key specified for region independently provided to each of the regions is the root and the decryption keys specified for playback device provided to each of the playback devices are leaves.
15. An information delivery device comprising: a delivery section for delivering contents encrypted utilizing a content encryption key, and content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption key.
16. An information recording method, comprising the steps of: obtaining selection information of the regions where playback of the contents is permitted, establishing a content encryption key and a content decryption key corresponding to the selected regions or the combination thereof, obtaining an encryption key for decryption key preset in accordance with the selected region, encrypting the contents utilizing the content encryption key, encrypting the content decryption key using the encryption key for decryption key, and recording the encrypted contents and the encrypted content decryption key to an information recording medium.
17. An information recording method according to claim 16, further comprising a step of establishing the encryption key for decryption key with a combination having the number smallest in a group of the encryption keys for decryption key, in which the encryption keys for decryption key owned by playback devices being permitted to play in a selected region is included, and the encryption key for decryption key owned by playback device being prohibited from playing is not included.
18. An information playback method for playing information including contents encrypted utilizing a content encryption key, and a content decryption key used for decrypting the encrypted contents and encrypted by an encryption key for decryption, wherein the decryption key for decryption key is different for each of the regions preset at least for controlling the permission and inhibition of the content playback, the content encryption key and the content decryption key are established corresponding to the each of the regions where content playback is permitted or, in accordance with the combination of regions where content playback is permitted, the method comprising the steps of: checking whether or not an information playback device has a decryption key for decryption key corresponding to the encryption key for decryption key encrypting the content decryption key, decrypting the content decryption key using the decryption key for decryption key when the information playback device has the corresponding decryption key for decryption key, decrypting the contents utilizing the decrypted content decryption key, and playing the decrypted contents.
19. An information recording program, wherein the program causes a computer to execute the information recording method set forth in claim 16.
20. An information playback program, wherein the program causes a computer to execute the information playback method set forth in claim 18.
21. A recording medium recording an information recording program, wherein the information recording program set forth in claim 19 is recorded so as to be read out by a computer.
22. A recording medium recording an information playback program, wherein the information playback program set forth in claim 20 is recorded so as to be read out by a computer.